60,000 WordPress sites at risk due to plugin security flaw

Hackers can now take over WordPress sites instantly using a simple plugin flaw ...
Infosecurity-magazine.com

Critical WordPress Plugin Bugs Exploited En Masse

Threat actors are attempting to exploit three critical CVEs from 2024 impacting two popular WordPress plugins, according to Wordfence. The security vendor claimed that the bugs affect the GutenKit and ...
Dark Reading

WordPress Bug 'Patch' Installs Backdoor for Full Site Takeover

Attackers are targeting WordPress users with a fake security alert that warns of a fabricated remote code execution (RCE) flaw; it offers a "patch" that in actuality spreads malicious code that can ...
Dark Reading

WordPress Plug-in Used in 1M+ Websites Patched to Close Critical Bug

WordPress plug-ins allow organizations to quickly extend the functionality of their websites without requiring any coding or advanced technical skills. But they have also been the biggest source of ...

Hackers exploit file upload bug in Breeze Cache WordPress plugin

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading ...
Digital Trends

A new WordPress bug may have left 2 million sites vulnerable

A flaw in two WordPress custom plug-ins leaves users vulnerable to cross-site scripting attacks (XSS), according to a recent report. The flaw, called CVE-2023-30777 was discovered on May 2 and was ...
Ars Technica

As many as 1 million sites imperiled by dangerous bug in WordPress plugin

Wordpress plugins are the bane of my existence. Most "designers/developers" try to fill all the business needs with a plugin and wonder why its so hard to manage. While this specific plugin is an ...
Infosecurity-magazine.com

WooCommerce Bug Exploited in Targeted WordPress Attacks

Security researchers have recorded over one million attempts to compromise a popular WordPress plugin over the past few days. Wordfence said the attacks began on July 14 and continued over the weekend ...
Searchenginejournal.com

WordPress 6.4.1 Maintenance Release Fixes Bugs In Version 6.4

WordPress released a maintenance release on Wednesday evening to fix problems discovered shortly after WordPress 6.4 was released to the public on Tuesday November 7th. Two of issues were somewhat ...
Bleeping Computer

WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS). The two ...
CSOonline

Critical plugin flaw opens over a million WordPress sites to RCE attacks

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.
Searchenginejournal.com

WordPress 6.5 Release Derailed By Bugs In New Feature

What derailed the 6.5 release is a new Font Library feature for managing fonts that also makes using Google Fonts GDPR compliant. The GDPR compliance part is a nice feature that allows a publisher to ...